Penetration Testing mailing list archives
Re: The goal of pentest by PCI DSS?
From: Jerome Athias <jerome.athias () free fr>
Date: Mon, 05 Oct 2009 09:59:59 +0200
Le dimanche 04 octobre 2009 à 22:41 +0400, Taras a écrit :
Does this mean that the main aim of pentester by PCI DSS is cardholder data? Or simply aim is to gain access (exploit vulnerabilities) to as much systems in CDE as possible? I asked about this because we can gain access to for example Oracle DB and do not try to search PANs in it. Or we can gain access to some users workstation and do not try to search cardholder data in file system.
(Should be a good question to ask to (my friend? :p) A. Gironda) For me, (after assuming that "Security is a process, not a product.", Bruce Schneier), security should be transversal (http://en.wikipedia.org/wiki/Transversal_line ).
One more question. Do you use social engineering in pentests by PCI DSS?
A secretary allways love chocolate ;p If it's a man, well... you should have some nice pictures in your pocket ;)
Thanks for answers! [0] https://www.pcisecuritystandards.org/security_standards/download.html?id=pci_dss_v1-2.pdf [1] https://www.pcisecuritystandards.org/pdfs/infosupp_11_3_penetration_testing.pdf
/JA ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- The goal of pentest by PCI DSS? Taras (Oct 04)
- RE: The goal of pentest by PCI DSS? Victor Langåssve (Oct 05)
- Re: The goal of pentest by PCI DSS? Mohamed Farid (Oct 05)
- RE: The goal of pentest by PCI DSS? Victor Langåssve (Oct 06)
- RE: The goal of pentest by PCI DSS? Philip Cox (Oct 05)
- Re: The goal of pentest by PCI DSS? Jerome Athias (Oct 05)
- Re: The goal of pentest by PCI DSS? David M. Zendzian (Oct 05)
- RE: The goal of pentest by PCI DSS? Gary Everekyan (Oct 05)
- RE: The goal of pentest by PCI DSS? Taras (Oct 27)